From 7f5ac5a17b33613499a7a0f3b5bcf277d337fe3c Mon Sep 17 00:00:00 2001
From: Anca Vamanu <anca@2600hz.com>
Date: Tue, 3 Sep 2013 21:55:25 +0300
Subject: [PATCH] default.cfg - introduced DOS prevention

Use pike module to drop the SIP requests in case of a DOS
attack.
---
 kamailio/default.cfg | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/kamailio/default.cfg b/kamailio/default.cfg
index f4f214c..a25563d 100644
--- a/kamailio/default.cfg
+++ b/kamailio/default.cfg
@@ -164,6 +164,9 @@ modparam("mi_fifo", "fifo_name", "/tmp/kamailio_fifo")
 ######## UAC Redirection module ########
 loadmodule "uac_redirect.so"
 
+######## DoS prevention mdule ########
+loadmodule "pike.so"
+
 ####### Role Configurations ##########
 #!ifdef DISPATCHER-ROLE
 include_file "dispatcher-role.cfg"
@@ -198,6 +201,8 @@ route
     route(DISPATCHER_CLASSIFY_SOURCE);
     #!endif
 
+    route(DOS_PREVENTION);
+
     route(HANDLE_OPTIONS);
 
     route(HANDLE_MOVE_REQUEST);
@@ -373,6 +378,18 @@ route[EXTERNAL_TO_INTERNAL_RELAY]
     t_relay();
 }
 
+route[DOS_PREVENTION]
+{
+    if (!isflagset(FLAG_INTERNALLY_SOURCED)) {
+        if (!pike_check_req()) {
+            if( $rc == -2) {
+                xlog("L_ERR", "DOS detected: $rm to $ru from $fu, UA $ua, IP $si\n");
+            }
+            exit;
+        }
+    }
+}
+
 onreply_route[EXTERNAL_REPLY] 
 {
     xlog("L_INFO", "$ci|log|external reply $T_reply_code");